Overview
overview: 10
Static
static: 10
Cracked LB...ts.dll, windows7-x64: 1
Cracked LB...ts.dll, windows10-2004-x64: 1
Cracked LB...ec.dll, windows7-x64: 1
Cracked LB...ec.dll, windows10-2004-x64: 1
Cracked LB...re.dll, windows7-x64: 1
Cracked LB...re.dll, windows10-2004-x64: 1
Cracked LB...le.dll, windows7-x64: 1
Cracked LB...le.dll, windows10-2004-x64: 1
Cracked LB...up.exe, windows7-x64: 7
Cracked LB...up.exe, windows10-2004-x64: 7
Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 20/03/2025, 17:31
Behavioral tasks
Task          Sample                                          Resource
behavioral1   Cracked LB-PHONE/client/tool-formats.dll        win7-20240729-en
behavioral2   Cracked LB-PHONE/client/tool-formats.dll        win10v2004-20250314-en
behavioral3   Cracked LB-PHONE/client/tool-vehrec.dll         win7-20241023-en
behavioral4   Cracked LB-PHONE/client/tool-vehrec.dll         win10v2004-20250314-en
behavioral5   Cracked LB-PHONE/client/vfs-core.dll            win7-20240903-en
behavioral6   Cracked LB-PHONE/client/vfs-core.dll            win10v2004-20250314-en
behavioral7   Cracked LB-PHONE/client/voip-server-mumble.dll  win7-20240903-en
behavioral8   Cracked LB-PHONE/client/voip-server-mumble.dll  win10v2004-20250314-en
behavioral9   Cracked LB-PHONE/setup.exe                      win7-20240903-en
behavioral10  Cracked LB-PHONE/setup.exe                      win10v2004-20250314-en
General
Target: Cracked LB-PHONE/setup.exe
Size: 17.7MB
MD5: b841c3328c8c0b782dffa4b6bd6ddb36
SHA1: 06e94314de7a36c0710bcf6e051dd49a194ec796
SHA256: 62a2fdf7ed3833f9aeea8af9bdb438611ce44e90c9cf0f81a887f25bd1aabcec
SHA512: 5b550fedefa53eb34796ec1989882dfb37cafc84edfc94310267d47d6355b1a37fe084fba4d8cd5a2b7f1c63659d81fbf53b31afef2a31721ac0e4dcdbee2bc7
SSDEEP: 393216:FqPnLFXlrSQ8DOETgsvfGF+g1RLUDvEJVJY/VQq:8PLFXNSQhEpgJUoJAP
Signatures
Loads dropped DLL (1 IoCs)
pid   Process
2308  setup.exe

resource                                                                      yara_rule
behavioral9/files/0x000500000001a4fc-111.dat                                  upx
behavioral9/memory/2308-113-0x000007FEF5F50000-0x000007FEF63BE000-memory.dmp  upx

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid  Process    procid_target
PID 592 wrote to memory of 2308      592  setup.exe  30
PID 592 wrote to memory of 2308      592  setup.exe  30
PID 592 wrote to memory of 2308      592  setup.exe  30
Processes
C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe"
  PID: 592
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Cracked LB-PHONE\setup.exe"
    PID: 2308
    - Loads dropped DLL
Downloads
Filesize: 1.4MB
MD5: 69d4f13fbaeee9b551c2d9a4a94d4458
SHA1: 69540d8dfc0ee299a7ff6585018c7db0662aa629
SHA256: 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
SHA512: 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378